How to create static configuration for load balancer in OpenShift 3.11

Create static configuration for load balancer in OpenShift 3.11.

All operations are performed on the management node.

Define load balancer configuration in hosts file.

    # LB
    openshift_loadbalancer_additional_frontends:
      - name: "apps-http"
        mode: "tcp"
        options: 
          - "tcplog"
        binds: 
          - "*:80"
        default_backend: "apps-http"
      - name: "apps-https"
        mode: "tcp"
        options: 
          - "tcplog"
        binds: 
          - "*:443"
        default_backend: "apps-https"

    openshift_loadbalancer_additional_backends:
      - name: "apps-http"
        balance: "source"
        mode: "tcp"
        servers:
          - name: "infra0"
            address: "192.0.2.11:80"
            opts: "check"
      - name: "apps-https"
        balance: "source"
        mode: "tcp"
        servers:
          - name: "infra0"
            address: "192.0.2.11:443"
            opts: "check"

Define load balancer in hosts file.

lb:
  hosts:
    openshift-example-lb-1.example.org:

masters:
  hosts:
    openshift-example-master-1.example.org:

etcd:
  hosts:
    openshift-example-master-1.example.org:

nodes:
  hosts:
    openshift-example-master-1.example.org:
      openshift_node_group_name: node-config-master

    openshift-example-infra-1.example.org:
      openshift_node_group_name: node-config-infra

    openshift-example-node-[1:2].example.org:
      openshift_node_group_name: node-config-compute

Run playbook to update balancer configuration.

$ ansible-playbook -i hosts playbooks/openshift-loadbalancer/config.yml
[...]
PLAY RECAP *************************************************************************************************************************************************************************************************************************************************************************
localhost                              : ok=12   changed=0    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
openshift-example-infra-1.example.org  : ok=0    changed=0    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
openshift-example-lb-1.example.org     : ok=29   changed=4    unreachable=0    failed=0    skipped=30   rescued=0    ignored=0   
openshift-example-master-1.example.org : ok=40   changed=0    unreachable=0    failed=0    skipped=36   rescued=0    ignored=0   
openshift-example-node-1.example.org   : ok=0    changed=0    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
openshift-example-node-2.example.org   : ok=0    changed=0    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   


INSTALLER STATUS *******************************************************************************************************************************************************************************************************************************************************************
Initialization         : Complete (0:00:11)
Load Balancer Install  : Complete (0:00:09)
Wednesday 15 April 2020  20:45:37 +0200 (0:00:00.035)       0:00:20.437 ******* 
=============================================================================== 
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.76s
tuned : Ensure files are populated from templates --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.62s
tuned : Restart tuned service ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.31s
openshift_loadbalancer : Configure haproxy ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.87s
openshift_loadbalancer : Install haproxy ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.75s
openshift_loadbalancer : Enable and start haproxy --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.75s
get openshift_current_version ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.63s
openshift_loadbalancer : Add iptables allow rules --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.60s
Gather Cluster facts -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.60s
tuned : Ensure directory structure exists ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.60s
openshift_loadbalancer : Configure systemd service directory for haproxy ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.42s
tuned : Check for tuned package --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.42s
openshift_control_plane : slurp --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.41s
Detecting Operating System from ostree_booted ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.40s
openshift_loadbalancer : Configure the nofile limits for haproxy ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.39s
Initialize openshift.node.sdn_mtu ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.38s
openshift_loadbalancer : restart haproxy ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.34s
tuned : Make tuned use the recommended tuned profile on restart ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.33s
Fetch ca.crt from cluster if exists ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.19s
openshift_control_plane : stat ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.18s

Configuration generated on load balancer.

# Global settings
#---------------------------------------------------------------------
global
    maxconn     20000
    log         /dev/log local0 info
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
#    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          300s
    timeout server          300s
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 20000

listen stats
    bind :9000
    mode http
    stats enable
    stats uri /

frontend  atomic-openshift-api
    bind *:8443
    default_backend atomic-openshift-api
    mode tcp
    option tcplog
frontend  apps-http
    bind *:80
    default_backend apps-http
    mode tcp
    option tcplog
frontend  apps-https
    bind *:443
    default_backend apps-https
    mode tcp
    option tcplog

backend atomic-openshift-api
    balance source
    mode tcp
    server      master0 192.0.2.10:8443 check
backend apps-http
    balance source
    mode tcp
    server      infra0 192.0.2.11:80 check
backend apps-https
    balance source
    mode tcp
    server      infra0 192.0.2.11:443 check